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Fig. 1 Architecture 



Internal E-mail Infrastructure 




Other Networks 
(The Internet) 



Legend: s = sender identity 
r- recipient identity 

P(s,r) = Request security status on a message from s to r 
R x = Security status on a message from s to r 

R, = Ok, continue processing message 

R 2 = Reject, do not process the message 

R 3 = Defer, temporarily defer the message back to the sending server 
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Fig. 2 Inbound Message Preparation 




To Fig 3 
Enforced 
Security 



Legend: = sender identity 
r= recipient identity 
M(s,r) = A message from s to r 

UE_TRUE is a database table containing "real" (i.e. non-proxy) addresses 

UE_ALIAS is a database table containing proxy addresses 

UE_User is a database table containing user information 

BCA = "Business Card Address", the originator address managed by the 

internal mail transport agent (i. e. mail server) 
P s is the security settings for the proxy address registered to s for user 
that owns originator address to which proxy r is a substitute 
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Fig. S Address Translations 

"True" Identifiers (UEJTrue table) 
T1 = Inside Identifier 1 
T2 = Outside Identifier 1 
T3 = Outside Identifier 2 
T4 = Inside Identifier 2 
Tn = Outside Identifier n 

s = sender identity 
r = recipient identity 
a = An address reference to translate 
M(s,r) = A message from s to r 

INBOUND, successfully past security, where: 

1. a = r t s= T2, r= P( T2 T1 ) f then T(a) = T1 

2. a = r, s= 12, r = P( T3 T1 ), then T(a) = T1 

3. a = P( T4 T4 ), s = T2, r = P( T2 T1 ), then T(a) = T4 

4. a = P( T4 T4 ), s = T2, r = P( T3 T1 ) ( then T(a) = T4 

5. a = T3, s = T2, r= P( Tx T1 ), then T(a) = T3 

6. a = P( Tx Ty ) t s = T2, T2 is exempt, r = any P, then T(a) = Ty 

OUTBOUND, no security on outbound, where: 

7. a= r, s= T1, r= T2, then T(a) = P( T2 T1 ) 

8. a = r, s= T1, r= T2, D( T2 T1 ) <> P( T2 T1 ), then T(a) = D( T2 T1 ) 

9. a = r, s= T1, r= T2, D( T2 T1 ) = P( T2 T1 ), then T(a) = P( T2 T1 ) 

10. a = r, s= T1, r= T2, r is exempt, then T(a) = P( T1T1 ) [s] 

1 1 . a = T3, s = T1 , r = T2, then T(a) = P( T3 T1 ) 

12. a = T3, s= T1, r= T2 t D( T3 T1 ) <> P( T3 T1 ), then T(a) = D( T3 T1 ) 

13. a = T3, s= T1, r= T2, D( T1 T2 ) = P( T2 T1 ) t then T(a) = P( T3 T1 ) 

14. a = T3, s = T1, r= T2, T3 is exempt, then T(a) = P( T1rT1 ) [s] 



Proxy Identifiers (UE_Alias table) 

P( T2 T1 ) = Substitute identifier for T1, registered to T2 
P( T3 ] T1 ) = Substitute identifier for T1, registered to T3 
P( T nji) = Substitute identifier for T1 , registered to Tn 

P( Tx Tx ) = Tx, registered to Tx 

T(a) = Method that returns tranlation of address a for a 

message from sto r 
D( Tx T1 ) = Method that returns the proxy P that Tx uses to 
send e-mail to T1. 
Sometimes D( Tx>T1 ) <> P(_ ) 
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Reflexion 




-J"*-*-* - rz * - - «, # . .. .. ...... 

E-majl address ~ - 1 ~ • - ~* - v "\ 

- -Login for authorized users only. ., ^< * ^ ; : - "V-V- r 



(!"' R»m«mber m« cuvthts computer. 

| Login I tzg*** ~~ 




FIG. 7 Login Page 



Reflexion 
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| Password 



{ Options 
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View: Active | All 

FIG. 8 Contacts List 



Contacts 1 - 4 of 4 



Reflexion 



| Contacts | Options 
| Password j Reports 



j History ( Reflected | Logout 



Contact Details 



Unnamed <sonyowtyr.cs.brandeis.edu> 



^jb}"i«jg|1Sonya Aronin 



_ Security Status 
«• Public 
<" Protected 




sonya nov@rfrtech com 1126.54 N 
V Name-orvlhe-fly (sonya nov.wv*@rfxtech com) 




f No :h rt ;-r q 



' ■ . 

12.20 57 Inbound to uw:t 'j'.ip- e. Sum Advanced Foci at 
12, IS*. 39 Inbound lo nwn unique. Subj Standard Footer 



^Exemptions 

^r^ingie^^f«^^ttnnpted from Reflexion 
V The "'domain tyr.es. bra ndeis.edu exempted from Reflexion 




11 29 1 0 To this Nu Stuie addj»'«K. used hy cony-jia-tyT.cs. brjndcb edu 

(Save] .R^el'l 



View aJJ .h'.s lgry 



lllltelsil 



: 




FIG. 9 Contact Details Page 



BST99 1 364948- 1 .065 1 1 3.00 1 1 



23 



10/523 



r~ 



Reflexion 



| Contacts | Options 
| Password | R eports 
I Options | 



| History | Reflated | logout 



Options 



User Properties 




FIG. 10 Reflexion User Options Page 
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Reflexion 



| New User | Exempts 
Users 



| History {Reports | Logout 



Global Exemptions 



Exempt a Domain or Address 



If- 



fcntoi a valid o-mail diddross: | 

<T Exempt the address 



C Un^xt: ri.pl the address 
r Exempt the entire domain 



~H;lQf Exempt the entire domain 



: 'Suh mt 1 ; 'Reset | 




FIG. 1 1 Administrator Add a Global Exemption Page 
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Reflexion ' New User I** 8 ™?** | History [Reports | Logout 



New User 




FIG. 12 Administrator Create New User Page 
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